• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 410
  • Last Modified:

SAS Adapter for PC

I am looking to implement SED drives for some desktop machines.  Because there are so few SATA SED (self encrypting) drives, it seems easier to use an SAS SED drive.

Anyone know of a reasonably priced SAS drive adapter that will go into a PC and allow the use of an internal SAS drive to replace the existing SATA drive.  I need one that can handle SAS SED drives.

Or some way to leverage the TPM chip in the desktop machine, so that if the hard drive is removed from the desktop machine, the encryption key is thus separated from the SED drive and the data is unreadable.
0
dakota5
Asked:
dakota5
  • 2
  • 2
3 Solutions
 
DavidPresidentCommented:
LSI has them, but you're in for some sticker shock.   It probably doesn't make sense to do this to a desktop computer.  

But if you must ...
Here is link for the software, and it tells you what MegaRaid controllers are compatible.  
http://www.lsi.com/products/raid-controllers/pages/megaraid-safestore-software.aspx

software & firmware $150, and cheapest controller 9260-4i maybe $350 or so.
0
 
Rich RumbleSecurity SamuraiCommented:
Again my article :)
http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html

TPM isn't all that great, and since the Gov't has a hard enough time against non-TPM software, I wouldn't even recommend its use. I don't trust it:
https://www.schneier.com/blog/archives/2005/08/trusted_computi.html
https://www.schneier.com/crypto-gram-0208.html#1
And UEFI is probably worse to trust: https://www.blackhat.com/presentations/bh-usa-07/Heasman/Presentation/bh-usa-07-heasman.pdf

I use TrueCrypt myself, Bruce Schneier uses TC, Snowden used TC. I think it's a good solution as well.

-rich
0
 
DavidPresidentCommented:
I'm a professional storage developer/architect .. i assure you the SED / TCG is rock solid, fast, and safe.  It works flawlessly with RAID as well.  

As far as the government having troubles, they can't even get the ObamaCare site up after 3+ years and $1B, so  let's not use the government as a baseline for getting anything working right.

TrueCrypt, BitLocker & PGP can be decrypted easily with a $299 product.
0
 
Rich RumbleSecurity SamuraiCommented:
>TrueCrypt, BitLocker & PGP can be decrypted easily with a $299 product.
Only when the OS is running, or has been in hibernation and it has to support a FireWire connection (and or be able to have a plug-n-play Firewire adapter). Passware and Elcomsoft both have the same "decryptor" but it only accesses the decryption key in RAM or from a hibernation file.
All covered in my article linked above btw :) Nothing wrong with hardware or software, but you have to know the attack vectors for each, and both have the same attack's, when the OS is running the data is not encrypted, when the OS is off, the data can't be accessed (save a plain-text hibernation for page file). Security is a process and not a program, you have to understand the risks and weigh the likelihood of the attacks as well.
-rich
0
 
dakota5Author Commented:
Thank you for continuing with this line of questioning.  richcrumble has provided great background and high-level information, but I appreciate diethe giving me some practical information.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now